Securely serving results of dynamic user-provided code over the web
First Claim
1. A method of providing a result of executing unverified, potentially malicious, or untested code from a first server at a first network domain to a requesting device over an information-exchange network, the method comprising:
- receiving, at the first server at the first network domain, a content request from the requesting device, the content request including a request for the result of executing the unverified, potentially malicious, or untested code;
- executing the code at the first server at the first network domain to produce an output that includes the requested result;
- sending the produced output to a second server at a second network domain by providing, to the requesting device, the produced output as part of a redirection instruction to the second server to prevent the executed code from accessing domain resources from the first network domain; and
- delivering the provided produced output to the requesting device via the second server, wherein the second server processes the provided produced output and delivers the processed produced output to the requesting device to prevent harmful or unexpected results from being accessed by the requesting device.
Abstract
The disclosure relates to a system and method where a first user may submit untested or unverified code to a first server, which code may be accessed by a user via a browser. The first server provides results of the executed code to a second server via a redirect request. The redirected output is then sent from the second server back to the user's browser. For example, the results of the executed code can be returned to the user immediately without storage, such that malicious code embedded in a result of the executed code cannot access domain resources from the same domain as a URL associated with the executed code, and only the user requesting execution of the code can see the result.
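The flow in the abstract, sketched as an added example (not code from the patent or its assignee). Assumptions: the two origin names, the `/render` path, an auto-submitting POST form as the redirection instruction, an HMAC tag so the second server only renders output issued by the first, and a CSP `sandbox` header as the second server's processing step.

```python
import base64, hashlib, hmac, re
from urllib.parse import urlsplit

# Assumed names: the two origins, the /render path and the shared key are illustrative.
EXEC_ORIGIN = "https://code.example"           # first server: runs the submitted code
RESULT_ORIGIN = "https://results.example.net"  # second server: only renders output
KEY = b"constructed-demo-key"                  # constructed; shared by both servers

def origin(url):
    """(scheme, host, port) tuple that the browser's same-origin policy compares."""
    u = urlsplit(url)
    return u.scheme, u.hostname, u.port or {"https": 443, "http": 80}[u.scheme]

def _tag(payload):
    return hmac.new(KEY, payload.encode(), hashlib.sha256).hexdigest()

def first_server_reply(output: bytes):
    """Wrap the output in an auto-submitting form aimed at the second origin.
    The output is base64-encoded, so none of it is parsed as markup on this origin."""
    if origin(EXEC_ORIGIN) == origin(RESULT_ORIGIN):
        raise ValueError("result origin must differ from execution origin")
    p = base64.urlsafe_b64encode(output).decode()
    body = (f'<form id="f" method="post" action="{RESULT_ORIGIN}/render">'
            f'<input type="hidden" name="p" value="{p}">'
            f'<input type="hidden" name="t" value="{_tag(p)}"></form>'
            '<script>document.getElementById("f").submit()</script>')
    return 200, {"Content-Type": "text/html", "Cache-Control": "no-store"}, body

def second_server_reply(form: dict):
    """Accept only output tagged by the first server, then serve it sandboxed."""
    p, t = form.get("p", ""), form.get("t", "")
    if not hmac.compare_digest(_tag(p).encode(), t.encode()):
        return 403, {"Content-Type": "text/plain"}, b"rejected"
    headers = {"Content-Type": "text/html; charset=utf-8",
               "Content-Security-Policy": "sandbox allow-scripts",  # opaque origin
               "X-Content-Type-Options": "nosniff",
               "Cache-Control": "no-store"}  # result is relayed, never stored
    return 200, headers, base64.urlsafe_b64decode(p)

def browser_submit(body: str):
    """Stand-in for the browser: collect the hidden fields it would POST."""
    return dict(re.findall(r'name="(\w+)" value="([^"]*)"', body))

if __name__ == "__main__":
    sample = b"<script>document.cookie</script><p>result: 42</p>"  # constructed output
    _, _, page = first_server_reply(sample)
    print(second_server_reply(browser_submit(page)))
```

Any script in the output runs only in the document served from the second origin, so cookies and storage scoped to the first origin are out of its reach.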
20 Claims
11. A non-transitory computer-readable medium having embodied thereon instructions which, when executed by a processor, cause the processor to perform a method of providing a result of executing unverified, potentially malicious, or untested code from a first server at a first network domain to a requesting device over an information-exchange network, the method comprising:
- receiving, at the first server at the first network domain, a content request from the requesting device, the content request including a request for the result of executing the unverified, potentially malicious, or untested code;
- executing the code at the first server at the first network domain to produce an output that includes the requested result;
- sending the produced output to a second server at a second network domain by providing, to the requesting device, the produced output as part of a redirection instruction to the second server to prevent the executed code from accessing domain resources from the first network domain; and
- delivering the provided produced output to the requesting device via the second server, wherein the second server processes the provided produced output and delivers the processed produced output to the requesting device to prevent harmful or unexpected results from being accessed by the requesting device.
18. A system comprising:
- a processor; and
- a processor-readable memory having stored therein instructions which, when executed by the processor, cause the processor to perform a method of receiving a result of executing unverified, potentially malicious, or untested code from a first server at a first network domain at a requesting device over an information-exchange network, the method comprising:
  - generating a content request from the requesting device to the first server at the first network domain, the content request including a request for the result of executing the unverified, potentially malicious, or untested code;
  - sending an output, produced by execution of the code at the first server at the first network domain, that includes the requested result to a second server at a second network domain by providing, from the requesting device, the produced output as part of a redirection instruction to the second server to prevent the executed code from accessing domain resources from the first network domain; and
  - receiving the provided produced output at the requesting device from the second server, wherein the second server processes the provided produced output and delivers the processed produced output to the requesting device to prevent harmful or unexpected results from being accessed by the requesting device.
Specification